Computing Research Institute

December 8, 2011

WEST LAFAYETTE, Ind. - For centuries, experts have tested the authenticity of famous paintings and literature to spot forgeries. Cyber security researchers at Purdue University, the universities of Texas at San Antonio and Texas at Dallas are looking to apply those same principles to data.

The three universities have been awarded a five-year, $3 million grant from the National Science Foundation to study assured data provenance, the discipline of computer science concerned with the integrity and privacy of data's sources, contents and successive transformations.

"Data, like a historic painting or piece of literature, can have tremendous value since it is widely used to make policy, medical and other important decisions. So its reliability and authenticity is critical," said computer science professor Elisa Bertino, Purdue's principal investigator on this project and interim director of the Cyber Center in Discovery Park.

Researchers will collaborate to develop a comprehensive framework to address the security and privacy challenges of provenance data, allowing society to receive maximum benefits with realistic tradeoffs. Over the past decade, there has been significant progress in techniques and models. But there still is no overarching, systematic framework for the security and privacy of data.

"With the proliferation of data on the web, the source or provenance of data has become a critical factor in establishing data trustworthiness in a variety of business and scientific disciplines," said principal investigator Ravi Sandhu, executive director of the Institute for Cyber Security at the UTSA. "To be useful, provenance data must have high integrity and accuracy. At the same time, provenance data can be confidential and private so it should only be selectively disclosed if at all. How do we balance these conflicting goals?"

"Through this project, our team in Purdue's Cyber Center will focus on the challenging issues in defining models that can provide context for provenance data, its analysis for scientific applications, and how it can be transmitted securely using watermarking techniques," Bertino said. "We also hope to advance tools in how provenance data is captured using various computer operating systems and application software, and systems to ensure the data is authentic without compromising confidentiality and privacy."

"We will enable policies to protect certain sensitive paths in the flow of provenance," said Murat Kantarcioglu, associate professor of computer science and director of the UT Dallas Data Security and Privacy Lab. "In addition, our group will research data sanitization techniques to limit the disclosure of sensitive data sources due to provenance release, and we will develop a risk management framework for provenance releases."

Ultimately, the research will benefit the community by providing protocols to increase the trustworthiness of data found online, transmitted and processed by computers, Bertino said. The research also will offer the universities an opportunity to train graduate students in the theory and practice of data provenance.

UTSA, UT Dallas and Purdue began collaborating on assured data provenance research through a Multidisciplinary University Research Initiatives (MURI) project funded by the Air Force Office of Scientific Research. The MURI project enabled the team to develop the preliminaries of a model for assured data provenance, which they then used to apply for NSF funding.

Other senior researchers on the project include UTSA's Greg White, associate professor of computer science and director of the Center for Infrastructure Assurance and Security, and Shouhuai Xu, associate professor of computer science; UT Dallas' Alain Bensoussan, distinguished research professor of operations management and director of the International Center for Decision and Risk Analysis, and Bhavani Thuraisingham, the Louis A. Beecherl Jr. I distinguished professor of computer science and director of the Cyber Security Research Center; and Gabriel Ghinita, a former postdoctoral student under Bertino at Purdue who now is an assistant professor at the University of Massachusetts, Boston.

The Cyber Center, which was launched at Purdue's interdisciplinary research complex Discovery Park in 2005, is focused on creating systems and tools to disseminate and preserve scientific and engineering knowledge. Its infrastructure is based on distributed computer, information and communication technologies. The center is part of the Purdue initiative called ACCESS - Advanced Computational Center for Engineering and Sciences - and works with the Rosen Center for Advanced Computing and the Computing Research Institute on campus.